Generate reviews, add TrustBox for your WooCommerce site with Trustpilot reviews plugin
Category Scores
Top Issues by Category
security: 32
maintainability: 28
repo_compliance: 5
Issues Details
66 issues found in latest scan
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 14 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_POST['customTrustBoxes'] not unslashed before sanitization. Use wp_unslash() or similar | 10 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 6 |
| WordPress.WP.EnqueuedResourceParameters.NotInFooter | WARNING | In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header. | 6 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 4 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function set_time_limit() is discouraged | 3 |
| WordPress.WP.AlternativeFunctions.parse_url_parse_url | ERROR | parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead. | 3 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "Trustpilot Reviews" - contains the restricted term "trustpilot" which cannot be used at all in your plugin name. | 3 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WITHOUT_PRODUCT_DATA". | 2 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "get_sites()" requires WordPress 4.6.0, but your plugin minimum supported version is WordPress 3.5.1. | 2 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 1 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 1 |
| WordPress.PHP.DevelopmentFunctions.error_log_error_log | WARNING | error_log() found. Debug code should not normally be used in production. | 1 |
| WordPress.PHP.DevelopmentFunctions.error_log_var_export | WARNING | var_export() found. Debug code should not normally be used in production. | 1 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$settings_html'. | 1 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_SERVER['HTTP_X_CSRF_TOKEN'] | 1 |
| license_mismatch | ERROR | Your plugin has a different license declared in the readme file and plugin header. Please update your readme with a valid GPL license identifier. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "Trustpilot Reviews" is different from the name declared in plugin header "Trustpilot-reviews". | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.2 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| plugin_header_invalid_license | ERROR | Invalid License: AFL-3.0. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
| readme_parser_warnings_ignored_tags | WARNING | One or more tags were ignored. The following tags are not permitted: "plugin", "wordpress" | 1 |
| readme_parser_warnings_too_many_tags | WARNING | One or more tags were ignored. Please limit your plugin to 5 tags. | 1 |
| textdomain_invalid_format | ERROR | The "Text Domain" header in the plugin file should only contain lowercase letters, numbers, and hyphens. Found "Trustpilot-reviews". | 1 |
Latest Snapshot
Findings: 66
Errors: 14
Warnings: 52
Score History
First score snapshot
First scan completed Jun 20, 2026
v3.16.0 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026 (Latest) | 51 | 66 | 14 | 52 | v3.16.0 | 2.0.0 | 2026.06-mvp-static-v2 |